ala ala - 10 months ago 77
C# Question

how to use RSA to encrypt files (huge data) in C#

I'm new to encryption. I need to implement asymmetric encryption algorithm, which i think it uses private/public key. I started using a sample of RSACryptoServiceProvider. it was ok with small data to encrypt. But when using it on relatively larger data "2 lines", i get the exception CryptographicException "Bad Length"!

//Create a new instance of RSACryptoServiceProvider.
using (RSACryptoServiceProvider RSA = new RSACryptoServiceProvider())
{

//Import the RSA Key information. This only needs
//toinclude the public key information.
//RSA.ImportParameters(RSAKeyInfo);
byte[] keyValue = Convert.FromBase64String(publicKey);
RSA.ImportCspBlob(keyValue);

//Encrypt the passed byte array and specify OAEP padding.
//OAEP padding is only available on Microsoft Windows XP or
//later.
encryptedData = RSA.Encrypt(DataToEncrypt, DoOAEPPadding);
}


Then I found some samples of encrypting large data (or files) by using CryptoStream, and only use symmetric algorithms like DES or 3DES, which have the function CreateEncryptor to return ICryptoTransform as one of the input to the constructor of CryptoStream!!!

CryptoStream cStream = new CryptoStream(fStream,
new TripleDESCryptoServiceProvider().CreateEncryptor(Key, IV),
CryptoStreamMode.Write);


What is the way to encrypt files using RSA?

Answer Source

As mentioned in other answers asymmetric encryption is only designed for encrypting data smaller than it's key size.

One option that I have implemented when needing to transfer large amounts of encrypted data between two systems is to have an RSA keypair whose public key is known to both the sender and the receiver then when data needs to be sent the receiver generates a new RSA keypair, encrypts the public key of that keypair with the common public key and sends the encrypted public key to the sender. The sender decrypts the receivers public key using it's private key (which the receiver does not need to know, just as the sender does not need to know the receivers generated private key), generates a symmetric encryption key, encrypts the data with the symmetric key and then encrypts the symmetric key using the public key received from the receiver. Both the encrypted symmetric key and the encrypted data are then sent to the receiver which uses it's generated private key to decrypt the symmetric key and then decrypts the data.

You can use the RSACryptoServiceProvider.ToXMLString() and RSACryptoServiceProvider.FromXMLString() methods to store the common public key as an XML string literal in the receiver application.

Don't forget, when you generate the symmetric encryption key to use RNGCryptoServiceProvider() to generate the key as it is a much more secure method of generating (pseudo) random numbers.

Also, I strongly recommend against using 3DES as your symmetric encryption algorithm, it is old and starting to show it's age. Use AES symmetric encryption with either the AesCryptoServiceProvicer or RijndaelManaged classes.

Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download